Comment Re:Wesnoth isn't a game. Not really. (Score 1) 58

And the community doesn't respond well to these or any other criticisms. They like the random element, they don't seem to give a crap about characterisation, world build, lore or story telling.

FWIW, I'm not a member of the community. I play Wesnoth off and on for a few weeks every couple of years. I also like the random element and don't much care about characterization, world-building, lore or storytelling. Not that I don't like those things, just that Wesnoth is more of an occasional light diversion for me, so those things don't mean much.

Comment Re:Summary is wrong, management didn't "freak" (Score 1) 430

And why shouldn't they allow peer bombs? If the work was so great, then it more than justifies the $625 (5 people).

Sure, it does, which is why managers convert such things into spot bonuses -- which are generally several thousand dollars.

The downside of rewarding primarily with peer bonuses is that it might create a culture of doing good stuff for peers in order to collect peer bonuses rather than doing good stuff for peers because it's abstractly good to do good stuff for peers. I don't know how real it was or was not, but I have heard that some obnoxious Googlers with special skills or access or knowledge made a habit of demanding multiple peer bonuses before being willing to do some task for some other team that needed it. The "one bonus per" rule pretty much eliminates that because -- to people as well-compensated as Googlers -- a single $125 bonus isn't worth the overhead of negotiating; it's much more effective to just be "nice" and do stuff for people who need it, gathering the occasional peer bonus and lots of kudos, as well as building the network of people who will offer support at promotion time and/or help you out when you need it.

The effect is the same: it incents employees with special skills or access or knowledge to help their peers, but makes it more of a "gift economy" where everyone tries to be helpful to others in expectation of eventual good karma coming back to them, rather than one of barter and bargaining in which people jealously protect their advantages.

Comment Re:Summary is wrong, management didn't "freak" (Score 1) 430

Management didn't "freak". [...] Erica Baker's manager wasn't happy about it

For a Googler, your ability to reason logically, be critical and optimistic at the same time, and tersely state balanced, affect-free facts based on data, is weak.

"One front-line manager" != "management". The latter implies higher levels of company leadership.

Comment Re:Wrong questions. More details needed. (Score 1) 219

The first correct question is why on earth would someone need to access half a petabyte? In most cases the commonly accessed data is less than 1%. That's the amount of data that realistically needs to reside on disk. It never is more than 10% on such a large dataset.

Never say never. We have data sets several times larger than that which are 100% always online due to client access patterns. Not only online, but extremely latency critical. And I personally could name a dozen other companies with similar requirements.

Comment Depends on what you need to do with it (Score 1) 219

Where I work we deal with data sets of a similar order. However, different data sets are stored differently depending on need. For online relational data where performance is critical, it's in master/slave/backup DB clusters running with 4.8TB PCIe SSDs. The backups are taken from a slave node and stored locally, plus they're pushed offsite. No tape, if we need a restore we can't really wait that long.

For data we can afford to access more slowly we use large HDFS clusters with regular SATA discs. There's a level of redundancy built in there, and where data is important enough to need a real backup (much of it is not) it is also pushed offsite. The HDFS approach has the advantage of presenting as a very large filesystem, and obviously if you're running Hadoop against it there's an automatic advantage.

Comment Re:Which is why you don't let this stuff connect.. (Score 1) 98

The problem with decrying BYOD as being "only for convenience" is that, when it comes down to it, basically all enterprise tech is "only for convenience". Tech exists within an organization to allow their employees to be more effective, more efficient, react faster, etc. That's what it's for. Convenience isn't a reason to ignore a technology, it should be the most important reason to adopt it.

I've worked in security in one of the most paranoid companies around and I totally get the need to protect the network - but the approach of just default denying everything because it's easier than figuring out how to allow something in a safe manner is lazy, and dare I say it, just for your convenience.

Comment Re:Summary is wrong, management didn't "freak" (Score 1) 430

Wow, a $125 spot bonus will get you maybe a day's worth of meals (3+starbucks) in the valley.

Spot bonuses are generally much larger than $125. The spot bonuses I've received have been several thousand dollars each. Peer bonuses are $125. And Googlers don't pay for meals :-)

(I do pay for my meals, but that's because I work remotely. So I don't get all the on-campus perks... but I also don't have the insane cost of living.)

Comment Re:Summary is wrong, management didn't "freak" (Score 1) 430

But that doesn't fit the "boo hoo sexism" narrative!

It's orthogonal to that narrative. It could be that Erica's manager decided not to give her the bonuses because she's a woman, or because she's black, and the other manager decided to give her colleague the bonuses because he's a man, or white (assuming he is -- I don't know, but it's probable given the demographics). Or not. Given the vast array of possible reasons for the two managers to choose differently, I don't see any reason to assume it's because they're bigots. My wild guess is that her manager was annoyed by the spreadsheet and the other guy's manager thought it was cool, so her manager found reasons in the rules to reject her bonuses until beaten down by the volume, and the other manager approved them all.

Seems far more likely than sexism or racism to me. But I could be wrong. We don't know, and never will.

Comment Re:There's Very Few Things (Score 3, Insightful) 80

You are conflating a world that is becoming warmer with a world that just *is* warmer. It may be true (I take no position) that a world that is 4-5 C warmer is better for certain classes of poor people (e.g., subsistence farmers). But a world that is changing rapidly is a calamity to poor people tied to the land, especially in a modern world with national boundaries and private property where you just can't pick up and move like our paleolithic ancestors would have.

Comment Summary is wrong, management didn't "freak" (Score 5, Informative) 430

Management didn't "freak". The spreadsheet in question is alive and well, and Google employees continue adding their information to it (I did). If management really wanted it gone, it would be taken down. Erica Baker's manager wasn't happy about it, and she was invited to talk to her manager about it. It may or may not have bothered someone above her manager; Erica doesn't know and neither do we.

Her manager also chose to interpret the peer bonus rules such that the bonuses peers sent her forward weren't given to her. That's at least partly correct on her manager's part. The peer bonus rules say that any given action/effort can only be rewarded once. If the manager feels that it was a really valuable contribution the manager can choose to discard the peer bonus ($125) and instead award a larger spot bonus (amount variable), but only one peer bonus per act.

What is a little bit weird was that Erica said peer bonuses were rejected before one was approved, so the rejections before the approval weren't due to the one PB per action rule. Also weird is that Erica said her colleague got multiple bonuses for the spreadsheet. That shouldn't normally happen.

Comment Re:What Security Experts Can Learn From Non Expert (Score 1) 112

Even better, move all applications to the web, so everything runs on central servers which are much easier to manage and secure than a fleet of personal computers. Give users Chromebooks or another thin client configuration and don't let them install software.

This is presumptuous. You're a security guy. You don't know enough about the myriad and varied work the company's employees do to make bright-line rules about how they must do it. Nor will you with any amount of training.

You're presumptuously assuming that I don't understand that there are exceptions.

The approach I recommend will, however, work for the vast majority of employees, assuming the necessary apps exist or can be built (or front-ended... ick, but it sometimes is the best option). Then, with the majority use cases out of the way, the security team can turn their attention to dealing with the special cases -- isolating them, locking them down to the degree possible and monitoring what can't be locked down. Or, in really special cases, training the users and making them responsible for their own security. That last tends to be the best option with developers.

Comment Re:What Security Experts Can Learn From Non Expert (Score 4, Insightful) 112

The solution, which security people hate to hear, is to get better at installing and maintaining multiple levels of firewall

Firewalls are not a solution. They're a small piece of a solution, but that's all. Firewalls segment networks, which is good because it reduces the scope of the attacks that have to be considered, but any good security design should assume that attackers will be able to get onto any network that has users.

application sandboxing and/or streaming applications for all office applications

Even better, move all applications to the web, so everything runs on central servers which are much easier to manage and secure than a fleet of personal computers. Give users Chromebooks or another thin client configuration and don't let them install software.

improving intrusion detection

IDS is good, but primarily for reducing the duration of an intrusion and trying to estimate the scope of the damage. IDS almost never reacts quickly enough to stop an intrusion.

dynamic virus removal in real time

Preventing the installation of viruses is far better than removing them.

NOT training users not to download suspicious executables

If the users can't install and run what they download, then it doesn't matter what they download.

or engage in fantastic feats of memory regarding passwords.

Totally. Most enterprise password policies are ridiculous. High-entropy passwords are neither necessary nor sufficient for securing systems. Multi-factor auth is more secure, and makes it possible to set reasonable password policies. Say, eight characters, alphanumeric, maybe require one non-alphanumeric symbol. Annual rotation is good, unless there is some reason to believe the password may have been compromised. Users can deal with that.

Three-factor authentication is great, and not actually all that difficult. One factor is the password. Another is some sort of one-time password generator or, even better, a USB dongle that requires user activation (OTPs can be phished -- a user you can social engineer into giving you their password will also give you an OTP, in fact it's even easier to phish an OTP than a normal password). The third is a client-side digital certificate installed on the machine after verification that it complies with corporate security policies. Use Puppet or similar to not only keep the machine up to date, but identify if it gets out of date and if it does, revoke the certificate.

Another crucial key to successful security is single sign-on. I can remember one moderately good password easily. Require me to know several and I'll have to write them down or reuse the same one everywhere. If I reuse the password we have none of the security benefits of multiple passwords and all of the password management headaches. So users should have one, strongly-secured, account that crosses all company systems. This is another benefit of web apps over local applications: You can secure all of your web apps behind a single set of authentication credentials by deploying them behind a reverse proxy server. That server handles authentication and provides a signed, time-limited user ID token to the systems it fronts.
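The reverse-proxy single sign-on pattern described in the comment above (the proxy authenticates once, then passes each fronted app a signed, time-limited user ID token) can be sketched in a few dozen lines. The following is an added illustration and is not code from the commenter or from any Google system; the token format, the `issue_token`/`verify_token` names, the shared HMAC key and the audience claim are all assumptions made for the example. It goes slightly beyond the comment by binding each token to a named backend app, so a token minted for one app is rejected by another.

```python
"""Toy model of an SSO reverse proxy handing signed, time-limited user ID
tokens to the apps it fronts. Added example with hypothetical names; it is
not any real proxy's token format."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key. A real deployment would use a per-environment secret
# (or an asymmetric signing key) managed outside the code.
PROXY_KEY = b"constructed-demo-key-not-for-real-use"
TOKEN_TTL_SECONDS = 300  # short lifetime bounds the damage from a stolen token


def _b64(raw: bytes) -> str:
    """URL-safe base64 without padding, as is common for tokens in headers."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    """Inverse of _b64; restores padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, audience: str, key: bytes = PROXY_KEY,
                now: Optional[float] = None, ttl: int = TOKEN_TTL_SECONDS) -> str:
    """Proxy side: called only after the user has passed all auth factors.

    The token is <base64 payload>.<base64 HMAC-SHA256 over the payload>.
    'aud' names the backend the token is meant for; 'exp' is its expiry.
    """
    now = time.time() if now is None else now
    claims = {"sub": user_id, "aud": audience, "iat": int(now), "exp": int(now) + ttl}
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def verify_token(token: str, audience: str, key: bytes = PROXY_KEY,
                 now: Optional[float] = None) -> Optional[str]:
    """App side: return the user ID if the token is well-formed, correctly
    signed, addressed to this app, and unexpired; otherwise None."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _unb64(payload_b64)
        sig = _unb64(sig_b64)
    except ValueError:  # wrong number of parts or bad base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison so signature bytes do not leak via timing.
    if not hmac.compare_digest(sig, expected):
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(claims, dict):
        return None
    if claims.get("aud") != audience:  # token minted for a different app
        return None
    if claims.get("exp", 0) <= now:  # expired (or missing expiry)
        return None
    return claims.get("sub")


def forge_subject(token: str, new_subject: str) -> str:
    """Build a token whose payload was altered after signing (for the demo:
    verify_token must reject it because the signature no longer matches)."""
    payload_b64, sig_b64 = token.split(".")
    claims = json.loads(_unb64(payload_b64))
    claims["sub"] = new_subject
    tampered = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    return f"{_b64(tampered)}.{sig_b64}"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed fixed clock for a reproducible run
    tok = issue_token("alice", "wiki", now=t0)
    print("fresh token for wiki:", verify_token(tok, "wiki", now=t0 + 100))
    print("same token at crm:   ", verify_token(tok, "crm", now=t0 + 100))
    print("after expiry:        ", verify_token(tok, "wiki", now=t0 + 301))
    print("tampered subject:    ", verify_token(forge_subject(tok, "bob"), "wiki", now=t0 + 100))
```

The backend never sees a password or an OTP; it only needs the proxy's verification key and a clock, which is what lets every app sit behind one strongly-secured account. The `aud` check and the short `exp` window are the two controls that keep a token captured from one app from being replayed elsewhere or reused later.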

Comment Re:It wouldnt be Elon, it'd be the cargo owner (Score 1) 220

In this case the actual value of the cargo is negligible; what matters is getting it to the space station. Since NASA only pays for the transport if the cargo arrives, they're already covered for all but the tiny cost required to replace the cargo itself. If anyone were to seek insurance it would be SpaceX, since they're the ones at financial risk.
